1. Computing

Hacker steals at least 58 million personal records from data management firm

By

1129714 autosave v1 hackers22
Shutterstock
Hardly a day goes by lately when we don’t hear about a massive data breach. Whether it’s a major retail outlet like Home Depot, an electronic auction service like eBay, or an online services company like Yahoo, no matter where your personal data resides it seems wide open to malicious attack. Research shows that there have been 2,928 publicly disclosed attacks so far in 2016 involving greater than 2.2 billion records in total.

Sometimes, you know that you’re a victim of a data breach, such as when Blue Cross Blue Shield company Carefirst was hacked and over a million records were stolen. Sometimes, however, as with the recent data breach at Modern Business Solutions (MBS), you may not even be aware that the company exists, according to security firm Risk Based Security.

Related: Target data breach forces CEO out the door

MBS is a company specializing in providing in-house data management and monetization services to other companies. If you’re an MBS customer, then you probably don’t even know it, and the 58 million stolen database records could belong to just about anyone.

The hacker who perpetrated the theft is known by the Twitter handle @0x2Taylor, and apparently the stolen data was posted multiple times over the past weekend. The data was quickly removed each time, but it included complete names, IP addresses, dates of birth, email addresses, vehicle data, and occupations. In other words, the data would be incredibly helpful for conducting further, highly individualized attacks such as identity theft.

Perhaps worst, the breach was made possible due to the use of an obvious attack vector. MBS was using an open MongoDB database, and apparently all that was needed for the attack to occur was for the IP address of that database to be communicated online. Rather than informing MBS of the security issue, whoever found the database leaked it to acquaintances instead. From there, the attack was both simple and straightforward.

At this point, there’s some confusion as to the actual number of records that were released. While it’s at least 58 million, it could be as many as 258 million based on an analysis of the database involved. While research is ongoing, it’s entirely possible that we’ll never know exactly how much data was released and who was affected.

Normally we would give various recommendations about being aware of where your personal data is being stored and to respond appropriately to any notifications of a data breach. In this case, there’s not much you can do except invest in a credit and data monitoring service of some sort to make sure you’re generally protected — because you never know when you might be attacked and not even know it.

Editors' Recommendations

The 52 best movies on Amazon Prime Video right now

Lou de Laâge and Mélanie Laurent in The Mad Women's Ball on Amazon Prime Video.

How to transfer data from your PS4 to PS5

ps4 trophies everything you need to know ps5 japan

The 100 best Android apps (September 2021)

best Android apps

Here’s how I tracked down the people selling my data, then stopped them

Man using Optery on laptop

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Best cheap Apple deals and sales for September 2021

dell xps 15 vs macbook pro 16 apple ry 14 1200x9999

HP is having a huge sale on laptops and monitors — Here are the best deals

The HP Envy x360 laptop has a 360-degree hinge

How does Ring Live View work?

Ring Video Doorbell installed on a home.

24 hours hands-on with the iPhone 13, Pro, Max, and Mini: Refinements all around

iPhone 13 models arrayed with screen on.

Apex Legends Seer guide: How to play, abilities, and lore

Seer taunting towards the camera.

Everything we know about Bayonetta 3

Bayonetta in Bayonetta 3.

The best movies leaving Hulu at the end of September

The cast of A Fish Called Wanda.

The 90 best movies on Hulu right now

Jeff Bridges in Crazy Heart.